I have now worked around these issues, mostly by manually performing
steps on the command line or hacking the ansible scripts as previously
described. I have now managed to install pulp3. It wasn't easy.
Ben.
On 20/4/21 5:55 am, Mike DePaulo wrote:
Hi Ben,
I have experience dealing with http & https proxies in the past. I
would very much like to make pulp_installer work properly with them,
or to provide instructions on how to use them with it.
It seems like when software is configured internally to use a proxy,
it works. But when software is relying on environment variables, the
ansible become (i.e., sudo from "user1", to "root", to "pulp") gets
rid of the environment variable.
Try setting http_proxy and https_proxy as part of the user's
environment on the system, and configuring sudoers per this comment:
https://github.com/ansible/ansible/issues/38050#issuecomment-768501547
See in-line replies.
On Sun, Apr 18, 2021 at 10:14 PM Ben Stanley <ben.stan...@gmail.com> wrote:
Hello Pulp people,
I'm trying to install pulp 3.12.0 on RHEL 7.8 using the ansible
method documented at
https://docs.pulpproject.org/pulpcore/installation/instructions.html
I have not yet managed to make it to the end of the
pulp_install.yml playbook without error. I have worked around 2
errors, but now I am stuck on the third. I believe the root cause
of my problems is trying to use a proxy server. I have set the
environment variables http_proxy, https_proxy and proxy appropriately.
1. At the step "TASK [pulp.pulp_installer.pulp_common : Import
required EPEL RPM GPG keys]"
(~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/repos.yml),
the rpm_key module has two problems.
1. The ansible rpm_key module fails to pass the proxy
settings to the underlying rpm call.
https://github.com/ansible/ansible/issules/19000
I worked around this problem by replacing the rpm_key
ansible module call with a raw line calling the rpm
command directly, and specifying the proxy settings to use.
See the link above for the environment variables.
2. The rpm --import <key-url> command uses curl internally.
curl+proxy+https does not work, but curl+proxy+http works.
Note also wget+proxy+https works.
https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938
I worked around this problem by referencing the RPM-GPG
key with a http URL instead of a https URL.
That sounds like a bug in curl or libcurl. But if you are using a
proxy for https, then your system is talking to the proxy, which is in
turn talking to the webserver. So SSL is from your system to the
proxy. I suspect it's a cipher mismatch per that bug. Let me know if
you can figure out how to force the cipher.
Either way, I will discuss changing the URL from https to http, or
making it configurable via a variable at our next installer
development meeting.
2. At the step "TASK [pulp.pulp_installer.pulp_common : Upgrade
to a recent edition of pip (supporting manylinux2014)]"
(~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/install_pip.yml),
ansible fails with the error text:
fatal: [honeybee]: FAILED! => {"changed": false, "cmd":
["/usr/local/lib/pulp/bin/pip", "install", "pip>20.2"], "msg":
"stdout: Collecting pip>20.2\n\n:stderr: Retrying
(Retry(total=4, connect=None, read=None, redirect=None,
status=None)) after connection broken by
'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
object at 0x7ffafd356dd8>, 'Connection to pypi.python.org
timed out. (connect timeout=15)')':
/simple/pip/\n Retrying (Retry(total=3, connect=None,
read=None, redirect=None, status=None)) after connection
broken by
'NewConectionError('<pip.vendor.urllib3.connection.VerifiedHTTPSConnection
object at 0x7ffafd356ef0>: Failed to establish a new
connection: [Errno 101] Network is unreachable',)':
/simple/pip/\n Retrying (Retry(total=1, connect=None,
read=None, redirect=None, status=None)) after connection
broken by
'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
object a 0x7ffafd356f98>:Failed to establish a new connection:
[Errno 101] Network is unreachable .....
I have not figured out how to work around this problem. It
seems that the pip ansible command is also not passing on the
correct proxy settings. I haven't even figured out how to work
around this problem running pip manually yet.
Hmm, so we start out with the old system version of pip, copied into
the virtualenv. Then we use it to upgrade the virtualenv to the new
version of pip.
Perhaps the old version cannot talk to the proxy?
Try using the virtualenv like:
sudo -i -u pulp
source /usr/local/lib/pulp/bin/activate
export http_proxy=your-proxy-url
export https_proxy=your-proxy-url
pip install --upgrade pip
It would be fantastic if I could get some help with these issues
so that I can get my pulp server upgraded from pulp2 to pulp3.
Thanks,
Ben Stanley.
-Mike
--
Mike DePaulo
He / Him / His
Service Reliability Engineer, Pulp
Red Hat <https://www.redhat.com/>
IM: mikedep333
GPG: 51745404
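The workaround in this thread fetches the EPEL RPM GPG key over plain HTTP through the proxy, so the downloaded key can be compared with a fingerprint obtained over a separate trusted channel before `rpm --import` runs. The following is an added example, not code from the thread or from pulp_installer: it computes the OpenPGP v4 fingerprint of an armored key and checks it against a pinned value. The function names are illustrative and the sample key is constructed dummy data, not a real key.

```python
import base64
import hashlib

def dearmor(text):
    """Return the binary data between the armor headers and the CRC/END line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored public key")
    data = lines[lines.index("") + 1:]  # armor headers end at the first blank line
    keep = [ln for ln in data if not ln.startswith(("=", "-----END"))]
    return base64.b64decode("".join(keep), validate=True)

def key_packet_body(data):
    """Parse the first packet header (RFC 4880 section 4.2) and return its body."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header: tag in the low 6 bits
        tag, o1 = hdr & 0x3F, data[1]
        if o1 < 192:
            off, length = 2, o1
        elif o1 < 224:
            off, length = 3, ((o1 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("unsupported length encoding for a key packet")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if n == 8:
            raise ValueError("indeterminate length")
        off, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    body = data[off:off + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete v4 public-key packet")
    return body

def fingerprint(armored):
    """v4 fingerprint: SHA-1 over 0x99, two-octet length, body (RFC 4880 section 12.2)."""
    body = key_packet_body(dearmor(armored))
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def key_is_pinned(armored, pinned):
    """True only if the key parses and matches the fingerprint obtained out of band."""
    try:
        return fingerprint(armored) == pinned.replace(" ", "").upper()
    except (ValueError, IndexError, OverflowError):
        return False

# Constructed sample: a well-formed v4 packet with dummy key material, not a real key.
SAMPLE_BODY = b"\x04" + (1618700000).to_bytes(4, "big") + b"\x01\x00\x08\xc5\x00\x02\x03"
SAMPLE_KEY = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
              + base64.b64encode(b"\x99\x00\x0c" + SAMPLE_BODY).decode()
              + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Anything that is not a complete armored v4 key, such as an HTML error page returned by the proxy, fails the check instead of raising.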